Oval Definition:oval:org.opensuse.security:def:74325
Revision Date:2021-11-19Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox fixes the following issues:

MozillaFirefox was updated to Extended Support Release 91.3.0 ESR

Fixed: Various stability, functionality, and security fixes

MFSA 2021-49 (bsc#1192250)

* CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
Family:unixClass:patch
Status:Reference(s):1027519
1115375
1140461
1141780
1141781
1141782
1141783
1141784
1141785
1141787
1141788
1141789
1152497
1154448
1154456
1154458
1154460
1154461
1154464
1155945
1192250
CVE-2018-12207
CVE-2019-11135
CVE-2019-18420
CVE-2019-18421
CVE-2019-18422
CVE-2019-18423
CVE-2019-18424
CVE-2019-18425
CVE-2019-2745
CVE-2019-2762
CVE-2019-2766
CVE-2019-2769
CVE-2019-2786
CVE-2019-2816
CVE-2019-2818
CVE-2019-2821
CVE-2019-7317
CVE-2021-38503
CVE-2021-38504
CVE-2021-38505
CVE-2021-38506
CVE-2021-38507
CVE-2021-38508
CVE-2021-38509
CVE-2021-38510
openSUSE-SU-2019:1916-1
SUSE-SU-2021:3745-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • java-11-openjdk-11.0.4.0-lp151.3.6 is installed
  • OR java-11-openjdk-accessibility-11.0.4.0-lp151.3.6 is installed
  • OR java-11-openjdk-demo-11.0.4.0-lp151.3.6 is installed
  • OR java-11-openjdk-devel-11.0.4.0-lp151.3.6 is installed
  • OR java-11-openjdk-headless-11.0.4.0-lp151.3.6 is installed
  • OR java-11-openjdk-javadoc-11.0.4.0-lp151.3.6 is installed
  • OR java-11-openjdk-jmods-11.0.4.0-lp151.3.6 is installed
  • OR java-11-openjdk-src-11.0.4.0-lp151.3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • AND Package Information
  • MozillaFirefox-91.3.0-152.6.1 is installed
  • OR MozillaFirefox-devel-91.3.0-152.6.1 is installed
  • OR MozillaFirefox-translations-common-91.3.0-152.6.1 is installed
  • OR MozillaFirefox-translations-other-91.3.0-152.6.1 is installed
    • BACK